<?php
require('../../include/connectdb.php');
session_start();
if($_SESSION['login']==false){
$_SESSION['error']="Cảnh báo: bạn phải đăng nhập trước khi vào phần quản trị trang web";
header('location:../index.php');
}
$act=$_GET['act'];
if($act=='add'){
	$detail=$_POST['detail'];
	$title=$_POST['title'];
	$url=$_POST['url'];
	$status=$_POST['status'];
	$sql="insert sanpham (spTitle,spDetail,spImg,spStatus) values('".$title."','".$detail."','".$url."',".$status.")";
	mysql_query($sql);
	header('location:../main.php?page=lpro');
}
if($act=='edit'){
	$ID=$_GET['ID'];
	$detail=$_POST['detail'];
	$title=$_POST['title'];
	$url=$_POST['url'];
	$status=$_POST['status'];
	$sql="select * from sanpham where spId=".$ID;
	$res=mysql_query($sql);
	$r=mysql_fetch_array($res);
	if($r['spTitle']!=$title){
		$sql="update sanpham set spTitle='".$title."' where spId=".$ID;
		mysql_query($sql);	
	}
	if($r['spDetail']!=$detail){
		$sql="update sanpham set spDetail='".$detail."'  where spId=".$ID;
		mysql_query($sql);	
	}
	if($r['spStatus']!=$status){
		$sql="update sanpham set spStatus=".$status." where spId=".$ID;
		mysql_query($sql);	
	}
	if($r['spImg']!=$url){
		$sql="update sanpham set spImg='".$url."' where spId=".$ID;
		mysql_query($sql);	
	}
	header('location:../main.php?page=lpro');
}
?>